Remote Code Execution Vulnerability in NVIDIA NeMo Framework
CVE-2025-23249

7.6HIGH

Key Information:

Vendor: Nvidia
Status: Nemo Framework
Vendor: CVE Published:; 22 April 2025

Summary

The NVIDIA NeMo Framework is affected by a vulnerability that allows remote code execution through the deserialization of untrusted data. When exploited, this vulnerability may enable attackers to execute arbitrary code, potentially leading to unauthorized access and manipulation of sensitive data. Users of the NeMo Framework should take precautions and ensure they are updated to the latest version as recommended by NVIDIA to mitigate these risks.

Affected Version(s)

NeMo Framework Windows All versions prior to 25.02

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5641

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2025
Vulnerability Reserved
Jan 14, 2025